Exploring PCI And Customer Data Security Presented by: Gina R. George, MCSE, CBC Corporate Communications Director The Midwest’s Leading Supplier of Digital Recording Solutions for Voice, Video & Data Much of this presentation was created by Kristyn Emenecker, Director, Solutions Marketing, Verint Systems, Inc. , and is used with her permission.
• Founded in 1983 • Headquartered in Grove City, OH • Sales & Support Offices in IN and IL • Platinum Business Partner for Verint Systems and 2007 Verint Business Partner of the Year • Authorized Reseller for VIQ Solutions • Seller of SCI-DVR • Additional Lines: AMAG, Firetide, c. Notify
Myth: The Call Center’s Not A High Risk Area
Customer Privacy Management
Data Intensive Environment + Transient/Offsite Staff = Perfect Storm
In The News Recently…
Call Recording: Key To Fraud Protection
Call Recording: A Double-Edged Sword
What Is PCI-DSS?
What Is PCI-DSS: A Second Opinion “The PCI Data Security Standard was launched in 2006 by private-sector organizations to improve the security of credit card data. But PCI has instead become a massive butt-covering exercise that extends from retailers to auditors to major credit card brands. Whether data is any safer remains to be seen. ” Andrew Conry-Murray PCI And The Circle Of Blame Information Week February 23, 2008
Card Security Programs
12 Primary Requirements of PCI-DSS
12 Primary Requirements of PCI-DSS
Who Has To Worry About PCI?
What Does The Future Hold?
Data Security: More Than PCI
Where Do Call Recordings Fit In?
CVV 2: A Special Concern
Call Recording & PCI: Possible Solutions End-to-end encryption • Encrypt audio and screens at acquisition • Decrypt only at playback Data avoidance • Pause recording while caller speaks sensitive information • Mute recording while caller speaks sensitive information • Tone over recording while caller speaks sensitive information Data deletion • Delete part or all of the recording after the call is completed
Possible Solutions: Scenario #1 Large catalog retailer • • • Records for QA only Voice & Screens Contact Center, Branch Office & Work-at-Home Agents Compliance Methodology: Data Deletion • • Agents use an applet on their workstations to tag credit card calls • Calls can be manually tagged later by supervisor if missed by agent and found during QA review • Reports are generated and correlated to credit card authorization records to prevent system abuse Recording system does automatic sweep every two minutes and purges tagged calls
Possible Solutions: Scenario #2 Large public utility • • • Records for QA and compliance Voice & Screens Contact Center, Branch Office & Work-at-Home Agents Compliance Methodology: Data Deletion • Automated process scans call recording database for agent ID, date and time • Process compares result to similar scan of credit card transaction files • Upon finding a match, process deletes audio and screen files from call recorder
Where Do You Go From Here?
For more information visit: www. soundcommunications. com Or call: Toll-free (800) 556 -8556, x 718 Local (614) 875 -8500, x 718 or (614) 317 -9062 The Jackson Building 3440 Park Street Grove City, OH 43123
Скачать презентацию Exploring PCI And Customer Data Security Presented by
6c1ccc1b6665b3db3009dbea1eaa410f.ppt